AWS Security ChangesHomeSearch

AWS cloudhsm documentation change

Service: cloudhsm · 2026-01-13 · Documentation low

File: cloudhsm/latest/userguide/cluster-connect.md

Summary

Added instructions for placing issuing certificates and bootstrapping EC2 instances using configure-openssl-provider tool

Security assessment

Documents security feature configuration (certificate management and HSM connectivity) but doesn't address any specific vulnerability. Improves operational security documentation.

Diff

diff --git a/cloudhsm/latest/userguide/cluster-connect.md b/cloudhsm/latest/userguide/cluster-connect.md
index e2ec48b08..2ef36912d 100644
--- a//cloudhsm/latest/userguide/cluster-connect.md
+++ b//cloudhsm/latest/userguide/cluster-connect.md
@@ -70,0 +71,12 @@ OpenSSL Dynamic Engine
+OpenSSL Dynamic Engine Provider
+    
+
+###### To place the issuing certificate on Linux for Client SDK 5
+
+  * Use the configure tool to specify a location for the issuing certificate. 
+    
+        $ sudo /opt/cloudhsm/bin/configure-openssl-provider --hsm-ca-cert <customerCA certificate file>
+
+
+
+
@@ -203,0 +216,12 @@ OpenSSL Dynamic Engine
+OpenSSL Dynamic Engine Provider
+    
+
+###### To bootstrap a Linux EC2 instance for Client SDK 5
+
+  * Use the configure tool to specify the IP address of an HSM in your cluster. 
+    
+        $ sudo /opt/cloudhsm/bin/configure-openssl-provider -a <HSM IP addresses>
+
+
+
+